Treating you and your data with the respect it deserves.
On the 25th May 2018, new laws were introduced detailing how companies such as ourselves are allowed to collect and process your data. This document explains how we at HIDS4U do this.
It’s not the most thrilling read, but it is important to show you how your data is used. Maybe grab yourself a cup of tea and read through at your leisure.
We’ve tried to explain everything as simply as possible, but there is a lot of information. If anything is unclear, please contact us for clarification.
We’re not going to insult your intelligence, we’re an internet business that sends your order through the post. Obviously we need to collect some data from you. However it does go further than just a name and address.
GDPR details a number of lawful reasons where we can and should collect data from you. For our company, these fall into 4 main categories as follows:
The first is straight out requirement by law. This could be our legal requirement to hold order data for tax and audit purposes. Or we could be required to pass on details relating to any fraudulent or criminal activity.
As an online retailer, the majority of our orders are to be delivered to you (e.g. at your home or place of work). Therefore we are required to collect your name and address details to pass to the courier companies to allow them to deliver your order.
From time to time, we may place opportunities on our website for you to sign up to receive special offers or exclusive information. By signing up, you are giving us consent to use your data to send such information to you.
With each of these opportunities we will state what data we are collecting and what you should expect to receive from us by signing up.
In certain situations, we will collect and process your data to fulfil activities that we believe are of legitimate interest to you and are deemed a natural and expected part of running our business.
Examples of legitimate interest activity would be to send you emails about products you have purchased or are related, special offers and articles you may be interested in. At any time, you will always have a clear opportunity to opt-out of any communication you feel is not relevant to you.
There are a number of activities that would result in us collecting your personal data. These are as follows:
When you place an order on our website - Name, address (billing and shipping), email, phone number and password. If you used our vehicle lookup facility, we will also store your car details (registration plate number, make, model, variant and year).
In the case of orders for number plates, we are required by the DVLA to collect proof of vehicle ownership and entitlement. Details of proof provided is held on your customer record.
When you register for an account on our website - Name, email and password. Once registered you have the option to provide us your address for future orders.
When you contact us via our website contact form or email - Name and email address.
When you place an order over the phone - Name, address (billing and shipping), email and phone number.
When you sign up to any of our newsletters - Email address and sometimes specific details such as date of birth, vehicles owned, gender and location. All data requested will be detailed at time of sign up.
When you review a product or our company - Your review will be connected to your order details.
You’re doing well, you’re about half way through! Let’s keep going...
Now you are aware of what personal data we collect, it’s time for us to explain how we use it and under what basis we justify that use.
To process orders placed on our website or over the phone. Quite simply we cannot fulfil our side of the order contract without your name and address details. We will pass these details over to the courier company based on the shipping service selected to ensure they can deliver your order.
For fully tracked delivery services we also pass your email address and phone number so the courier can notify you of specific delivery details such as delivery slots, request re-delivery or unable to deliver.
To request product and service feedback. This is done based on legitimate interest as customer feedback allows us to continually improve our products and services we provide.
When you register for an account on our website. Here you are providing consent for your details to be held so our website can give you a streamlined ordering process in future. You are able to delete your profile at any time. This will not remove any order details that we are legally obligated to hold.
When you contact us via email or our online contact form. Your communication content (including any names, emails and phone numbers) are kept within our email system to allow us to correctly address any queries you have raised. We keep this communication for some time to ensure we can refer to it in future should a related issue arise.
When you sign up to any of our newsletters you provide consent for us to send personalised exclusive offers and information of interest via email or mail. You are able to unsubscribe from this communication at any time.
To provide existing customers with personalised product offers and industry information based on your order history and personal data (such as vehicle owned and location). These are sent via email and is based on legitimate business interest. You are of course able to unsubscribe from this communication at any time.
To comply with any legal obligations to share data with law enforcement.
We may combine customer data to determine customer trends which help us make business decisions such as new products, pricing models and special offers. This may be done using a 3rd party analytics system such as Google Analytics. This would be done as a legitimate business interest.
We may also use combined data through analytics software to analyse and improve our website. This helps us to continually improve the customer experience when using our website.
So we’ve talked a lot about collecting, holding and using your data. But how secure is it? Are we leaving it exposed for any rogue character to steal and abuse it? Let’s find out...
Quite frankly, we are very extremely strict on data security.
Our website uses the secure and encrypted https protocols across all pages. This means data you input on any page can’t simply be read or changed by someone eavesdropping on the website connection.
We encrypt all customer passwords so that not even we can see what it is. This does mean if you forget it, you will have to request a new one as we cannot retrieve your current one. However we believe the security benefits of password encryption is worthwhile.
We also regularly update our website with all the latest security updates and keep the website protected behind advanced firewalls specifically designed to block malicious attacks.
No. We only hold the data for as long as is deemed necessary for the purpose the data was initially provided.
For example, we are required to keep your order data for a minimum of 5 years to comply with all of our legal obligations.
For us to complete our business and contractual needs, we work with a number of 3rd party companies. This requires us to share some of your personal data with those companies to complete the business need in question.
However we assure you that every 3rd party company we work with have the highest data privacy and security measures in place. They can also only use your data for the direct purpose that we engage them for (e.g. courier companies can’t send you marketing messages after delivering your order).
The majority of your data held by us can be accessed by logging into your account. At this point you can edit or delete any data held.
For a complete list of all data held, please contact us via email and we will arrange for the details of what we hold to be sent to you within 30 days.
You have the right to request that we remove any data that we hold. Barring any legal or contractual obligations, we will always honour any removal requests.
As a final point of clarification, HIDS4U Limited is the data controller of this website. This means we are responsible for ensuring your data is handled in a secure and lawful manner.
You can now congratulate yourself on getting to the end of this exciting document.